Class IamPolicySearchResult (3.5.0)

IamPolicySearchResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The result for a IAM Policy search. .. attribute:: resource

The full resource name <https://cloud.google.com/apis/design/resource_names#full_resource_name>__ of the resource associated with this IAM policy.

:type: str

Attributes

NameDescription
project str
The project that the associated GCP resource belongs to, in the form of projects/{project_number}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, the project field will be empty.
policy google.iam.v1.policy_pb2.Policy
The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constrain on policies (e.g. an empty query), this contains all the bindings.
explanation google.cloud.asset_v1p1beta1.types.IamPolicySearchResult.Explanation
Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query.

Classes

Explanation

Explanation(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Explanation about the IAM policy search result. .. attribute:: matched_permissions

The map from roles to their included permission matching the permission query (e.g. containing policy.role.permissions:). A sample role string: "roles/compute.instanceAdmin". The roles can also be found in the returned policy bindings. Note that the map is populated only if requesting with a permission query.

:type: Sequence[google.cloud.asset_v1p1beta1.types.IamPolicySearchResult.Explanation.MatchedPermissionsEntry]